[PATCH] D18783: [clang-tidy] add new checker for string literal with NUL character.

[Richard via cfe-commits]

LegalizeAdulthood added a subscriber: LegalizeAdulthood.
LegalizeAdulthood added a comment.

There are some APIs where a series of strings are passed as a single `char *` with NUL separators between the strings and the last string is indicated by two NUL characters in a row.  For instance, see the MSDN documentation <https://msdn.microsoft.com/en-us/library/windows/desktop/ms682450(v=vs.85).aspx> for the `lpDependencies` argument to `CreateService` <https://msdn.microsoft.com/en-us/library/windows/desktop/ms682450(v=vs.85).aspx>.  Such strings literals in the code look like:

  LPCTSTR dependencies = _T("one\0two\0three\0four\0");

I don't see any annotation on this argument in `<winsvc.h>` where this function is declared, so there's no hint from the header about this argument.  In this case, the biggest mistake people make is omitting the final NUL character, thinking that the `\0` acts as a string separator and not a terminator:

  LPCTSTR dependencies = _T("one\0two\0three\0four");

If you're lucky this results in a crash right away.  If you're unlucky the compiler placed this constant in an area of memory with zero padding and it works by accident on your machine until it ships to a customer and then breaks on their machine mysteriously.

I was never a fan of these magic string array arguments and they mostly appear in the older portions of the Win32 API, but they are there nonetheless.  I would hate for this check to signal a bunch of false positives on such strings.


http://reviews.llvm.org/D18783